<?php
	/*
	 * $Id: mpay24_confirm.php,v 1.2 2009/08/27 09:35:13 thomas Exp $ *
	 */

	/* $_GET:
	 * PARAMETER		VALUE(s), description
	 * token          should be the same as generated with the request
	 * OPERATION 		CONFIRMATION
	 * TID				string, length <= 32
	 * STATUS 			RESERVED, BILLED, REVERSED, CREDITED, ERROR
	 * PRICE 			int, length = 11 (e. g. "10" = "0,10")
	 * CURRENCY			string, length = 3 (ISO currency code, e. g. "EUR")
	 * P_TYPE			CC, ELV, EPS, GIROPAY, MAESTRO, MIA, PB, PSC, QUICK
	 * BRAND			AMEX, DINERS, JCB, MASTERCARD, VISA, ATOS, HOBEX-AT, HOBEX-DE, HOBEX-NL, ARZ, BA, ERSTE, HYPO, RZB, ONE, T-MOBILE
	 * MPAYTID			int, length = 11
	 * USER_FIELD
	 * ORDERDESC
	 * CUSTOMER
	 * CUSTOMER_EMAIL
	 * LANGUAGE			string, length = 2
	 * CUSTOMER_ID		int, length = 11
	 * PROFILE_STATUS	IGNORED, USED, ERROR, CREATED, UPDATED, DELETED  
	 */

	// check if the confirmation comes from mPAY24 IP addresses
	$mPAY24 = "213.164.25.245";  // www.mPAY24.com
	#$mPAY24= "213.164.23.169";  // test.mPAY24.com
	
	// read token from database, file, ...
	#$token ...
	
	if($_GET['token'] == $token && $_SERVER['REMOTE_ADDR'] == $mPAY24){
		switch($_GET['STATUS']){
		   case 'RESERVED':
		      // set payment state to RESERVED
		      break;
		   case 'BILLED':
		      // set payment state to BILLED
		      break;
		   case 'REVERSED':
		      // set payment state to REVERSED
		      break;
		   case 'CREDITED':
		      // set payment state to CREDITED
		      break;
		   case 'SUSPENDED':
		      // set payment state to SUSPENDED
		      break;
		   case 'ERROR':
		      // set payment state to ERROR
		      break;
		   default:
		      // set payment state to ERROR
		      break;
		}
		
		// output the received parameters
		print "OK: \r\n";
		print_r($_GET);
	}else{
		// if confirmation is not from mPAY24
		print "ERROR: ACCESS DENIED!";
	}
?>